Abstract

Gradecast is a simple three-round algorithm presented by Feldman and Micali. The current work presents a very simple synchronous algorithm that utilizes Gradecast to achieve Byzantine agreement. Two small variations of the presented algorithm lead to improved algorithms for solving the Approximate agreement problem and the Multi-consensus problem.

An optimal approximate agreement algorithm was presented by Fekete, which supports up to $\frac{1}{4}n$ Byzantine nodes and has message complexity of $O(n^k)$, where $n$ is the number of nodes and $k$ is the number of rounds. Our solution to the approximate agreement problem is optimal, simple and reduces the message complexity to $O(k \cdot n^3)$, while supporting up to $\frac{1}{3}n$ Byzantine nodes.



Multi consensus was first presented by Bar-Noy et al. It consists of consecutive executions of $\ell$ Byzantine consensuses. Bar-Noy et al. show an optimal amortized solution to this problem, assuming that all nodes start each consensus instance at the same time, a property that cannot be guaranteed with early stopping. Our solution is simpler, preserves round complexity optimality, allows early stopping and does not require synchronized starts of the consensus instances.

1 Introduction 

Byzantine consensus [12] is one of the fundamental problems in the field of distributed algorithms.
Since its appearance it has been the focus of much research and many variations of the Byzantine 
consensus problem have been suggested (see [13, 2]). In the current work we are interested in the 
Byzantine consensus problem and two such variations: multi consensus and approximate agreement. 

In the Byzantine consensus problem each node $p$ has an input value $v_p$, and all non-faulty nodes are required to reach the same output value $v$ ("agreement"), s.t. if all non-faulty nodes have the same input value $v'$ then the output value is $v'$, i.e., $v = v'$ ("validity").

Approximate agreement [4] aims at reaching an agreement on a value from the Real domain, s.t. the output values of non-faulty nodes are at most $\epsilon$ apart, and are within the range of non-faulty nodes' inputs. The multi consensus problem [3] consists of sequentially executing $\ell$ Byzantine consensuses one after the other.

The first two problems can be solved in a way that overcomes the $O(t)$ round complexity lower bound of Byzantine consensus [8], where $t$ is the number of faulty nodes. Approximate agreement overcomes the lower bound by relaxing the "validity" property. Regarding multi consensus, it is reasonable to think that the $O(t)$ lower bound leads to an $O(\ell \cdot t)$ lower bound for multi consensus. However, [3] shows how to solve $\ell$ sequential Byzantine consensuses in $O(\ell + t)$ rounds, assuming synchronized starts of the different consensus instances.

In all three problems it is interesting to compare the round-complexity when there are $f < t$ failures. That is, it is known that $t$ must be $< \frac{1}{3}n$ ($n$ is the number of nodes in the system). However, what if in a specific run there are only $f < t$ failures? Can the Byzantine consensus / approximate agreement / multi consensus problem be solved quicker? The answer is "yes" on all three accounts. The property of terminating in accordance to the actual number of failures $f$ is termed "early-stopping". The three solutions presented in this paper all have the early-stopping property.

The solutions presented herein all use Gradecast as a building block. Gradecast was first presented in [7], and has been used in many papers since (for example, [9]). In Gradecast a single node gradecasts its value $v$, and each non-faulty node $p$ has a pair of output values: a value $v_p$ and a confidence $c_p \in \{0, 1, 2\}$. The confidence $c_p$ provides information regarding the $v_q$ values obtained at other non-faulty nodes $q$ (see more in Section 2.1), and thus allows $p$ to reason about $q$'s output value.

Specifically, we use Gradecast to detect faulty nodes and ignore them in future rounds. The 
idea to try and identify faulty nodes and ignore them in future rounds (not necessarily using 
Gradecast) has been around for some time (for example [1, 3, 5, 6, 16, 10]). [3] uses it to achieve 
efficient sequential composition of Byzantine consensuses. In [6] a similar notion of "identifying" 
faulty nodes and ignoring them is used to efficiently solve the approximate agreement problem. In 
essence, our usage of Gradecast "transforms" Byzantine failures into crash failures. 

Gradecast provides a simplification of the above notion. By using Gradecast we ensure that either a Byzantine node $z$ discloses its faultiness, or all non-faulty nodes see the same message from $z$. By using a very simple iterative algorithm we solve the Byzantine consensus problem, multi consensuses and approximate agreement. All solutions are simple, optimal in their resiliency ($t < \frac{1}{3}n$), stop-early and optimal in their running time (up to a constant factor induced by using Gradecast in each iteration). Moreover, for the approximate agreement and multi consensuses, our solutions improve upon previously known solutions.

1.1 Related Work 

Approximate Agreement: Approximate agreement was presented in [4]. The synchronous so- 
lution provided in [4] supports n > 3t and the convergence rate is , n _ 2t +i i — r per round, which 

L * J 

asymptotically is ~ I * j after k rounds. To easily compare the different algorithms, we con- 
sider the number of rounds it takes to reach convergence of -. For [4], within O(logn) rounds 
the algorithm ensures all non- faulty nodes have converged to -. The message complexity of [4] is 
$O(n^2)$ per each round of the $k$ rounds.

In [6] several results are presented. First, for Byzantine failures there is a solution that tolerates $n > 4t$ and converges to — within $O\left(\frac{\log n}{\log\log n}\right)$ rounds. For crash failures, [6] provides a solution tolerating $n > 3t$ that converges to ^ within $O\left(\frac{\log n}{\log\log n}\right)$ rounds. The message complexity of both algorithms is $O(n^k)$. Moreover, [6] shows a lower bound for the Byzantine case of $O\left(\frac{\log n}{\log\log n}\right)$ rounds to reach ^ convergence.

Using failure-transformers, the crash resistant algorithm from [6] can be transformed into a 
Byzantine resistant algorithm (for example [14]). Such a translation has a constant multiplicative 
overhead in the round complexity. The transformed algorithm is tolerant to n > 3t and has the 
original convergence rate up to a constant factor. 

[17] solves the approximate agreement problem while tolerating $n > 3t$ Byzantine failures; it converges to - within $O\left(\frac{\log n}{\log\log n}\right)$ rounds. Moreover, [17] presents algorithms with short messages for small ratios of Byzantine nodes (? $\to \infty$), but when $n > 4t$ it requires exponential message size.

Table 1: Comparison of different approximation algorithms

Algorithm | Rounds | Resiliency | Message comp. | Early-stopping?
----------|--------|------------|---------------|----------------
[4]'s approximate agreement | $O(\log n)$ | $n > 3 \cdot t$ | $O(k \cdot n^2)$ | ✓
[6]'s "direct" algorithm | $O\left(\frac{\log n}{\log\log n}\right)$ | $n > 4 \cdot t$ | $O(n^k)$ |
[6]'s "indirect" algorithm (crash-failure + transformation) | $O\left(\frac{\log n}{\log\log n}\right)$ | $n > 3 \cdot t$ | $O(n^k)$ |
[17]'s approximate algorithm | $O\left(\frac{\log n}{\log\log n}\right)$ | $n > 3 \cdot t$ | $O(n)$ as j $\to \infty$ |
current | $O\left(\frac{\log n}{\log\log n}\right)$ | $n > 3 \cdot t$ | $O(k \cdot n^3)$ | ✓

The solution presented in the current paper has a better convergence rate than that of [4]; it has a higher Byzantine tolerance ratio than that of [6, 17] (i.e., $n > 3t$ instead of $n > 4t$) and also has an exponential improvement in the message complexity over that of [17] and [6] (from $O(n^k)$ to $O(k \cdot n^3)$). Moreover, the presented solution is simple and has a shorter presentation and much simpler proofs than the solutions of [6, 17].

Multi Consensus: The algorithm Multi-Consensus presented in [3] solves $\ell$ sequential Byzantine consensuses within $O(t + \ell)$ rounds and is resilient to $n > 3t$. However, [3] assumes that the starts of the different $\ell$ consensuses are synchronized, a property that cannot be ensured when a consensus stops early. In the current paper we show how to adapt ideas from [11] such that our solution does not require synchronized starts of the different consensuses.

In summary, a main contribution of this work is its simplicity. Using gradecast as a building 
block we present a very simple basic algorithm that solves the Byzantine consensus problem and two 
small variations of it that solve multi consensus and approximate agreement. All three algorithms 
support n > 3t, have the early-stopping property and are asymptotically optimal in their running 
time (up to a constant multiplicative factor). Aside from the simplicity, following are the properties 
of the presented algorithms: 

1. The basic algorithm solves the Byzantine consensus problem and terminates within $3 \cdot \min\{f + 2, t + 1\}$ rounds.

2. The first variation solves the approximate agreement problem, with convergence rate of $\left(\frac{t}{n-2t}\right)^k \cdot \frac{1}{k^k}$ per $3 \cdot k$ rounds (i.e., within $O\left(\frac{\log n}{\log\log n}\right)$ rounds it converges to ^). The message complexity is $O(k \cdot n^3)$ per $k$ rounds, as opposed to $O(n^k)$ of the previous best known results. Moreover, the solution dynamically adapts to the number of failures at each round.

3. The second variation solves $\ell$ sequential Byzantine consensuses within $O(t + \ell)$ rounds, and efficiently overcomes the requirement of synchronized starts of the consensus instances (a requirement assumed by [3]).

We start with Section 2 that presents the assumed model. In Section 3 the basic algorithm is presented and is proved to solve the Byzantine consensus problem. The proofs are straightforward and are used as an intuitive introduction to the basic Gradecast schema. Section 4 presents a variation of the algorithm that solves the approximate agreement. Section 5 describes how to solve the multi consensus problem. Lastly, Section 6 summarizes and concludes the work.

Algorithm gradecast(q, IGNORE_p)          /* executed on node p with leader node q */

     /* Initialization */
  1: ignore all messages being received below from nodes in IGNORE_p;
  2: if p = q then v = 'the input value';

     /* Dissemination */
  3: round 1   The leader q sends v to all;
  4: round 2   p sends the value received from q to all;

     /* Notations */
  5: let (j, v_j) represent that p received v_j from j;
  6: let maj be a value received the most among such values;
  7: let #maj be the number of occurrences of maj;

     /* Support */
  8: round 3   if #maj ≥ n − t then p sends maj to all;

     /* Notations */
  9: let (j, v'_j) represent that p received v'_j from j;
 10: let maj' be a value received the most among such values;
 11: let #maj' be the number of occurrences of maj';

     /* Grading */
 12: if #maj' ≥ n − t set v_p := maj' and c_p := 2;
 13: otherwise, if #maj' ≥ t + 1 set v_p := maj' and c_p := 1;
 14: otherwise set v_p := ⊥ and c_p := 0;

 15: return (q, v_p, c_p);

Figure 1: gradecast: The Gradecast protocol

2 Model

The system consists of $n$ nodes, out of which up to $t < \frac{1}{3}n$ may be Byzantine, i.e. behave arbitrarily and collude together. Denote by $f \le t$ the actual number of faulty nodes in a given run. Communication is assumed to be synchronous and is done via message passing. The communication graph is a complete graph.

The Byzantine consensus problem consists of each node $p$ having an input value $v_p$ from a finite set $V$ (i.e., $v_p \in V$). Each node $p$ also has an output value $o_p \in V$. Two properties should hold:

1. "agreement": $o_p = o_q$ for any two non-faulty nodes $p, q$ (thus we can talk about the output value of the algorithm);

2. "validity": if all non-faulty nodes start with the same input value $v$, then the output value of the algorithm is $v$.



2.1 Gradecast 

Gradecast [7] is a distributed algorithm that ensures some properties that are similar to those of broadcast. Specifically, in Gradecast there is a sender node $p$ that sends a value $v$ to all other nodes. Each node $q$'s output is a pair $(v_q, c_q)$ where $v_q$ is the value $q$ thinks $p$ has sent and $c_q$ is $q$'s confidence in this value. The Gradecast properties ensure that:

1. if $p$ is non-faulty then $v_q = v$ and $c_q = 2$, for every non-faulty $q$;

2. for every non-faulty nodes $q, q'$: if $c_q > 0$ and $c_{q'} > 0$ then $v_q = v_{q'}$;

3. $|c_q - c_{q'}| \le 1$ for every non-faulty nodes $q, q'$.

The protocol in Figure 1 is basically the original protocol presented in [7] with explicit handling of boycotting messages coming from nodes known to be faulty.

Theorem 1 There is a 3 round Gradecast algorithm.

Proof: Figure 1 presents such an algorithm. Assuming that at initiation $\mathrm{IGNORE}_p$, for every non-faulty node $p$, contains only faulty nodes, then the proof of [7] holds. □

The implementation in Figure 1 implies the following claim.

Claim 1 If the leader $q$, $q \in \mathrm{IGNORE}_p$ for every non-faulty $p$ then following the completion of gradecast, $c_p = 0$ for every non-faulty $p$.

Proof: Every non-faulty node ignores all messages sent by $q$ and as a result every non-faulty node will return $c_p = 0$. □

3 Simple Byzantine Consensus 

The idea behind the ByzConsensus algorithm (Figure 2) is to use gradecast as a means of forcing the Byzantine nodes to "lie" at the expense of being expelled from the algorithm. That is, at each iteration a node $p$ will gradecast its own value, and then consider the values it received: a) any node that gradecasted a value with confidence $\le 1$ will be marked as faulty, and will be ignored for the rest of the algorithm; b) any value with confidence $\ge 1$ will be considered, and $p$ will update its own value to be the majority of values with confidence $\ge 1$. Moreover, this mechanism ensures that for a faulty node $z$, if different non-faulty nodes consider different values for $z$'s gradecast, then at least one of them should obtain the value with zero confidence. For example, one considers $z$ gradecasted "0" with confidence 1, and the other considers $z$ gradecast's confidence to be 0. The result of such a case is that all non-faulty nodes will mark $z$ to be faulty, and will remove it from the algorithm. In other words, a Byzantine node can produce, using gradecast, contradicting values to non-faulty nodes at most once.

Denote by $\bigcup BAD_r$ the union of all BAD variables for non-faulty nodes at the beginning of iteration $r$. Similarly, denote by $\bigcap BAD_r$ the intersection of all BAD variables for non-faulty nodes at the beginning of iteration $r$.

Claim 2 If $\bigcup BAD_r$ contains only faulty nodes, then the properties of gradecast, following its execution in Line 3, hold.

Proof: Ignoring messages of faulty nodes does not affect the properties of gradecast, since gradecast works properly no matter what the faulty nodes do. Specifically, ignoring messages from faulty nodes is equivalent to the faulty nodes not sending those messages. □

Claim 3 If $\bigcup BAD_r$ contains only faulty nodes, then $\bigcup BAD_{r+1}$ contains only faulty nodes.



Algorithm ByzConsensus                    /* executed on node p */

     /* Initialization */
  1: set BAD := ∅;

     /* Main loop */
  2: for r := 1 to t + 1 do:
  3:     gradecast(p, BAD) with input value v;

         /* Notations */
  4:     let (q, v, c) represent that q gradecasted v with confidence c;
  5:     let maj be the value received the most among values with confidence ≥ 1;
         (if there is more than one such value, take the lowest)
  6:     let #maj be the number of occurrences of maj with confidence 2;

         /* Updates */
  7:     set v := maj;
  8:     set BAD := BAD ∪ {q | received (q, *, c) with c ≤ 1};
  9:     if #maj ≥ n − t then break loop;
 10: end for

 11: if executed for < t + 1 iterations then participate in one more iteration;
 12: return v;

Figure 2: ByzConsensus: a simple Byzantine consensus algorithm

Proof: Consider a non-faulty node $q$. By Claim 2, $q$'s gradecast confidence is 2 at all non-faulty nodes. Thus, no non-faulty node adds $q$ to BAD in the current iteration. Therefore, $\bigcup BAD_{r+1}$ contains only faulty nodes. □

Corollary 1 The gradecast invoked in Line 3 satisfies the gradecast properties, and $\bigcup BAD_r$ never contains non-faulty nodes.

Proof: By iteratively applying Claim 2 and Claim 3. □

Claim 4 If at the beginning of some iteration all non-faulty nodes have the same value $v$, then all non-faulty nodes that are still in the main loop exit the loop and update their value to $v$.

Proof: All non-faulty nodes see at least $n - f$ copies of $v$ with confidence 2. Thus, by Lines 5, 7 they all update their value to $v$, and (if they are still in the loop) by Line 9 they all exit it. □

Claim 5 If non-faulty nodes $p, q$ have different values of maj at iteration $r$, then $|\bigcap BAD_{r+1}| > |\bigcap BAD_r|$.

Proof: If $p$ has a different value of maj than $q$, then (w.l.o.g.) by the definition of maj (Line 5) there is some Byzantine node $z$ such that $p$ received $(z, u, *)$ from $z$'s gradecast, and $q$ received $(z, u', *)$, s.t. $u \neq u'$. By the properties of gradecast, all non-faulty nodes have confidence of at most 1 for $z$'s gradecast. Therefore, by Line 8, all non-faulty nodes add $z$ to BAD. That is, $z \in \bigcap BAD_{r+1}$.

To conclude the proof, we need to show that $z \notin \bigcap BAD_r$. Since $p$ and $q$ see different confidence for $z$'s gradecast, we conclude that some non-faulty node didn't ignore $z$'s messages. (Otherwise, by Claim 1, $z$'s gradecast confidence would have been 0 at all non-faulty nodes.) Therefore, we conclude that $z \notin \bigcap BAD_r$. □



Claim 6 If all non-faulty nodes have the same value of maj at iteration $r$, then all non-faulty nodes end iteration $r$ with the same value $v$.

Proof: Immediate from Line 7. □

Claim 7 If some node $p$ breaks the main loop due to Line 9 during iteration $r$, then all non-faulty nodes end iteration $r$ with the same value $v$.

Proof: For $p$ to pass the condition of Line 9, #maj must be at least $n - t$. That is, $p$ sees at least $n - t$ gradecast values equal to maj with confidence 2. From the properties of gradecast, all other non-faulty nodes see $n - t$ gradecast values equal to maj with confidence $\ge 1$. By Lines 5, 7 they all update their value to be that same value. □

Theorem 2 ByzConsensus solves the Byzantine consensus problem.

Proof: From Claim 4 it is clear that "validity" holds. To show that "agreement" holds we consider two different cases. First, if a non-faulty node passes the condition of Line 9 in the first $t$ iterations, then by Claim 7 and Claim 4 "agreement" holds.

Second, if no non-faulty node ever passes the condition of Line 9 in the first $t$ iterations, then all non-faulty nodes perform the main loop of ByzConsensus $t + 1$ times. By Claim 6 and Claim 4 this means that in every iteration of the first $t$ iterations there is some pair of non-faulty nodes that have different values of maj. By Claim 5, $|\bigcap BAD_{t+1}| > |\bigcap BAD_t| > \cdots > |\bigcap BAD_1| = 0$. Thus, $|\bigcap BAD_{t+1}| \ge t$. Therefore, in iteration $t + 1$ all non-faulty nodes ignore all Byzantine nodes' messages. Therefore, all non-faulty nodes see the same set of gradecasted messages (all with confidence 2) and thus they all agree on the value of maj. By Lemma 6 all non-faulty nodes end iteration $t + 1$ with the same value of $v$. □

Remark 3.1 Notice that the above proof also proves the "early stopping" property of ByzConsensus. More specifically, if there are $f < t$ actual failures, then ByzConsensus terminates within $\min\{f + 2, t + 1\}$ iterations (each iteration takes 3 rounds).
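The following simulation of Figure 1 and Figure 2 is an added example, not code from the paper. It models the synchronous network with dictionaries; `plurality`, `split_adversary` and the reading of Line 11 (a node that has left the main loop keeps gradecasting its fixed value until the others leave) are assumptions made for the example.

```python
from collections import Counter

BOT = None  # the "no value" output, written ⊥ in Figure 1

def plurality(values):
    """Most frequent non-BOT value and its count; ties go to the lowest value."""
    counts = Counter(v for v in values if v is not BOT)
    if not counts:
        return BOT, 0
    best = min(counts, key=lambda v: (-counts[v], v))
    return best, counts[best]

def gradecast(leader, value, n, t, byz, ignore, adv):
    """One 3-round Gradecast. Returns {p: (v_p, c_p)} for every non-faulty p.
    ignore[p] is p's IGNORE set; adv(z, rnd, p) is what Byzantine z sends p in round rnd."""
    honest = [p for p in range(n) if p not in byz]

    def deliver(rnd, sent):
        # What each non-faulty p accepts this round, one slot per non-ignored sender.
        return {p: [adv(j, rnd, p) if j in byz else sent.get(j, BOT)
                    for j in range(n) if j not in ignore[p]]
                for p in honest}

    # Round 1: only the leader sends.
    r1 = {}
    for p in honest:
        if leader in ignore[p]:
            r1[p] = BOT
        else:
            r1[p] = adv(leader, 1, p) if leader in byz else value
    # Round 2: every node echoes what it got from the leader.
    echo = {p: plurality(msgs) for p, msgs in deliver(2, r1).items()}
    # Round 3: a node supports maj only if at least n - t echoes carried it.
    support = {p: m for p, (m, cnt) in echo.items() if cnt >= n - t}
    out = {}
    for p, msgs in deliver(3, support).items():
        m, cnt = plurality(msgs)
        out[p] = (m, 2) if cnt >= n - t else (m, 1) if cnt >= t + 1 else (BOT, 0)
    return out

def byz_consensus(inputs, n, t, byz, adv):
    """ByzConsensus run by the non-faulty nodes in `inputs` ({node: input value}).
    Returns (outputs, BAD sets, iteration in which each node left the main loop)."""
    honest = sorted(inputs)
    v = dict(inputs)
    bad = {p: set() for p in honest}
    left_at = {}
    for r in range(1, t + 2):
        # All n gradecasts of this iteration use the BAD sets from its start.
        # A node that already left the loop still gradecasts its (now fixed)
        # value: this is how this example reads Line 11.
        ignore = {p: set(bad[p]) for p in honest}
        results = {q: gradecast(q, v.get(q), n, t, byz, ignore, adv) for q in range(n)}
        for p in honest:
            if p in left_at:
                continue
            got = {q: results[q][p] for q in range(n)}
            maj, _ = plurality([val for val, c in got.values() if c >= 1])    # Line 5
            n_maj = sum(1 for val, c in got.values() if c == 2 and val == maj)  # Line 6
            v[p] = maj                                                        # Line 7
            bad[p] |= {q for q, (_, c) in got.items() if c <= 1}              # Line 8
            if n_maj >= n - t or r == t + 1:                                  # Line 9
                left_at[p] = r
        if len(left_at) == len(honest):
            break
    return v, bad, left_at

def split_adversary(z, rnd, p):
    """Constructed adversary: a Byzantine node tells even-numbered nodes 0, odd ones 1."""
    return p % 2

if __name__ == "__main__":
    # Constructed run: n = 7, t = 2, nodes 5 and 6 are Byzantine.
    out, bad, left_at = byz_consensus({0: 0, 1: 1, 2: 0, 3: 1, 4: 0}, 7, 2, {5, 6},
                                      split_adversary)
    print("outputs:", out)
    print("BAD sets:", bad)
    print("left loop in iteration:", left_at)
```

In the constructed run the even-numbered nodes leave the loop in iteration 1 and the odd-numbered ones in iteration 2, all with output 0, and only the odd-numbered nodes, which graded the Byzantine gradecasts with confidence 1, put nodes 5 and 6 in BAD.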

4 Approximate Agreement 

In this section we are interested in an algorithm that solves the approximate agreement problem [4]. Approximate agreement is somewhat different from Byzantine agreement. Specifically, each node $p$ has a real input value $v_p \in \mathbb{R}$ and a real output value $o_p \in \mathbb{R}$. Denote by $L$ ($H$ resp.) the lowest (highest resp.) input values of non-faulty nodes. Given a constant $\epsilon$ the approximate agreement problem requires that:

1. "agreement": $|o_p - o_q| \le \epsilon$ for any two non-faulty nodes $p, q$;

2. "validity": $o_p \in [L, H]$ for every non-faulty node $p$.

The algorithm ApproxAgree in Figure 3 has the following iterative structure: a) gradecast $v$ to everyone; b) collect all values received into a multi-set; c) perform some averaging method (denote it by AVG) on the multi-set, and use that as the input of the next iteration. AVG removes the $t$ lowest and $t$ highest values, then computes the average of the remaining set.

For $\epsilon$ = ~ the algorithm in Figure 3 requires $O\left(\frac{\log n}{\log\log n}\right)$ iterations. The best previous approximate agreement that has an early-stopping property, polynomial message size and supports $n > 3t$ Byzantine nodes (see [4]), requires $O(\log n)$ iterations.
Algorithm ApproxAgree(ε)                  /* executed on node p */

     /* Initialization */
  1: set BAD := ∅;

     /* Main loop */
  2: while true do:
  3:     gradecast(p, BAD) with input value v;

         /* Notations */
  4:     let (q, v, c) represent that q gradecasted v with confidence c;
  5:     let values be the multiset of received values with confidence ≥ 1,
         and add "0" until values contains n items;
  6:     let values' be the multiset of received values with confidence 2;

         /* Updates */
  7:     set v := AVG(values);
  8:     set BAD := BAD ∪ {q | received (q, *, c) with c ≤ 1};
  9:     if there are n − t items in values' that are at most ε apart, then break loop;
 10: end while

 11: participate in one more iteration;
 12: return v.

Figure 3: ApproxAgree: an efficient approximate agreement algorithm

In a similar manner to ByzConsensus (Section 3) only Byzantine nodes can be added to the BAD set of any non-faulty node, and a given Byzantine node $z$'s value can be viewed differently by different non-faulty nodes at most once. That is, each Byzantine node can "lie" at most once.

Denote by $V_r$ the multi-set containing the values $v$ of all non-faulty nodes at the beginning of iteration $r$. Denote by $L(M)$ the lowest value in $M$ and by $H(M)$ the highest value in $M$. $M^t$ is the multi-set $M$ after the $t$ lowest and $t$ highest values have been removed. Using these notations, the AVG method is defined as:

$$AVG(M) = \frac{\sum_{e \in M^t} e}{|M^t|}$$

Remark 4.1 The AVG method has the following properties:

1. $AVG(M) \in [L(M^t), H(M^t)]$;

2. if $M$ contains $n - t$ values in the range $[v, v + \epsilon]$ then $AVG(M) \in [v, v + \epsilon]$;

3. for $x \le t$: if $M$ is a multi-set of $n - x$ values, and $M_1$ and $M_2$ contain $M$ and additional $x$ items (i.e., $M_1, M_2$ differ by at most $x$ values) then

$$|AVG(M_1) - AVG(M_2)| \le (H(M) - L(M)) \cdot \frac{x}{n-2t}$$

Proof:

1. $AVG(M)$ is the average of the set $M^t$, which is clearly between the lowest value in $M^t$ and the highest value in $M^t$.

2. Since $M$ contains $n - t$ values in the range $[v, v + \epsilon]$, then by removing the $t$ highest values we remain with values that are all at most $v + \epsilon$; that is, $H(M^t) \le v + \epsilon$. Similarly $L(M^t) \ge v$. Thus, the average of $M^t$ is in the range $[v, v + \epsilon]$.

3. Since $|M_1^t| = |M_2^t| = n - 2t$, we need to evaluate the difference between $\left|\sum_{e \in M_1^t} e - \sum_{e \in M_2^t} e\right|$. Since $M_1$ and $M_2$ differ by at most $x$ values, $M_1^t, M_2^t$ differ by at most $x$ values as well. Since $x \le t$, each of these values is in the range $[L(M), H(M)]$; therefore, $\left|\sum_{e \in M_1^t} e - \sum_{e \in M_2^t} e\right| \le (H(M) - L(M)) \cdot x$. By dividing both sides by $|M_1^t|$ we have that $|AVG(M_1) - AVG(M_2)| \le (H(M) - L(M)) \cdot \frac{x}{n-2t}$.

Remark 4.2 Notice that for any pair of non-faulty nodes $p, q$ it holds that the set values of $p$ contains at least $n - f$ exact same values as values of $q$. Moreover, values' of $p$ is contained in values of $q$.

Claim 8 For non-faulty $p$, at the end of iteration $r$, the value $v$ is in the range $[L(V_{r-1}), H(V_{r-1})]$.

Proof: Immediate from the first property of AVG, and the fact that all non-faulty nodes' values are in the set values of $p$ (which stems from Gradecast's properties). □

Claim 9 If a non-faulty node $p$ exits the main loop in Line 9 in iteration $r$ then $H(V_r) - L(V_r) \le \epsilon$.

Proof: Due to the properties of gradecast, values of node $q$ contains the set values' of node $p$. Thus, if $p$ passes the condition in Line 9 then values of $q$ contains $n - t$ values in the range $[v, v + \epsilon]$ (for some $v$). Therefore, by the second property of AVG, node $q$'s computed value will be in the range $[v, v + \epsilon]$. This claim holds for every non-faulty $q$, for the same value of $v$. That is, all non-faulty nodes compute their new value to be in the range $[v, v + \epsilon]$; i.e., within $\epsilon$ of each other. □

Claim 10 If $H(V_r) - L(V_r) \le \epsilon$ for some iteration $r$, then every non-faulty node $p$ that is still in the main loop exits the main loop (Line 9) during iteration $r$.

Proof: In iteration $r$ every non-faulty node $p$ sees $n - f$ values with confidence 2 that are within $\epsilon$ of each other and thus (if $p$ is still in the main loop) passes the condition of Line 9. □

Denote by $NEW_r := |\bigcap BAD_{r+1}| - |\bigcap BAD_r|$; i.e., $NEW_r$ is the number of Byzantine nodes detected as faulty (by all non-faulty nodes) during iteration $r$.

Claim 11 For every iteration $r$ it holds that $H(V_{r+1}) - L(V_{r+1}) \le (H(V_r) - L(V_r)) \cdot \frac{NEW_r}{n-2t}$.

Proof: We consider two cases. First, if $NEW_r = 0$ then no new Byzantine node is added to $\bigcap BAD_{r+1}$. I.e., every Byzantine node $z \notin \bigcap BAD_r$ is seen by some non-faulty node $p$ as having gradecast value with confidence 2. Thus, every non-faulty node sees the same gradecast value of $z$. For Byzantine $z \in \bigcap BAD_r$ all non-faulty nodes ignore $z$'s messages. Therefore, all non-faulty nodes have the same value of the set values and thus they all update $v$ in the same manner. I.e., $H(V_{r+1}) - L(V_{r+1}) = 0$.

Continue with the case where $NEW_r > 0$. In a similar manner to the first case, for every node $z \in \bigcap BAD_r$ and for every node $z \notin \bigcap BAD_{r+1}$ the non-faulty nodes have the same gradecast value of $z$. Thus, for two non-faulty nodes $p, q$ there are at most $|\bigcap BAD_{r+1}| - |\bigcap BAD_r| = NEW_r$ different values in their values sets. By the third property of the AVG method, AVG(values) of $p$ and AVG(values) of $q$ are at most $(H(V_r) - L(V_r)) \cdot \frac{NEW_r}{n-2t}$ apart. □



Claim 12 Assume ApproxAgree($\epsilon$) runs for $k$ iterations, and no non-faulty node has exited the main loop. Then, $H(V_{k+1}) - L(V_{k+1}) \le \frac{H - L}{k^k} \cdot \left(\frac{t}{n-2t}\right)^k$.

Proof: At each iteration $r$, by Claim 11 $H(V_{r+1}) - L(V_{r+1}) \le (H(V_r) - L(V_r)) \cdot \frac{NEW_r}{n-2t}$. That is, after the $k$-th iteration we have that $H(V_{k+1}) - L(V_{k+1}) \le (H - L) \cdot \prod_{i=1}^{k} \frac{NEW_i}{n-2t}$. The worst value of $\prod_{i=1}^{k} \frac{NEW_i}{n-2t}$ is reached when $NEW_i = NEW_j$ for every $i, j \in \{1, \ldots, k\}$. I.e., when $NEW_i = \frac{t}{k}$.

From the above we have that $H(V_{k+1}) - L(V_{k+1}) \le (H - L) \cdot \prod_{i=1}^{k} \frac{t/k}{n-2t} = (H - L) \left(\frac{t}{n-2t}\right)^k \cdot \frac{1}{k^k}$. □

Theorem 3 ApproxAgree($\epsilon$) solves the approximate agreement problem, and for $\epsilon$ = — — ApproxAgree($\epsilon$) converges within at most $O\left(\frac{\log n}{\log\log n}\right)$ rounds.

Proof: "validity" holds by iteratively applying Claim 8.

If some node terminates, then by Claim 9 and Claim 10 all nodes terminate within one iteration. Moreover, by Claim 10 and by applying Claim 12 for large enough values of $k$ we have that eventually some node terminates; thus proving "agreement".

Assume towards contradiction that ApproxAgree( ~ ) runs for r = [ lo °^" ] iterations 

and has not terminated yet. By Claim 12 we have that H(V r +i) — L(V r +i) < ~ r . Consider 

( log n \ 
Iof^ 10Sl0g "J = n|fe • log(lofe) = loffegll • 0o« log" - logloglogn). Since loglogn - 

( log n \ 
_og_n_ log log n j y llogn. Con- 

log n 

eluding that lQ l °f Q ™ n loglos " > ^/n. Therefore, H(V r+1 ) - L(V r+1 ) < ^^. By running the algorithm 

for 2r = 2r E |S^] we have that H{V 2r+l ) - L(V 2r+l ) < Z=± = e. 

By Claim 10 every non-faulty node terminates by the end of iteration $2r + 2$. Each iteration is composed of a constant number of rounds, hence ApproxAgree( ~ ) terminates within $O\left(\frac{\log n}{\log\log n}\right)$ rounds. □

Remark 4.3 Notice that ApproxAgree has the early stopping property in two senses. First, if there are $f < t$ failures then the convergence rate for $k$ iterations is $\left(\frac{f}{n-2t}\right)^k \cdot \frac{1}{k^k}$. Second, in each iteration, the convergence of ApproxAgree depends solely on the number of discovered failures; which leads to a quick termination of the algorithm if in some iteration no new failures are discovered (or if few new failures are discovered).
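The following run of Figure 3 is an added example, not code from the paper. Gradecast is not re-implemented: it is replaced by its guarantees, with each Byzantine node following a constructed `script` in which it "lies" exactly once (some non-faulty nodes grade its value with confidence 1, the rest with confidence 0) and is ignored by everyone afterwards. The names `avg`, `has_cluster`, `approx_agree` and the script format are assumptions of the example.

```python
def avg(values, t):
    """AVG: drop the t lowest and the t highest items, average what is left."""
    kept = sorted(values)[t:len(values) - t]
    return sum(kept) / len(kept)

def has_cluster(values, size, eps):
    """True if some `size` items of `values` are at most eps apart (Line 9)."""
    s = sorted(values)
    return any(s[i + size - 1] - s[i] <= eps for i in range(len(s) - size + 1))

def approx_agree(inputs, n, t, eps, script):
    """inputs: {non-faulty node: real input}.
    script: {Byzantine z: (lie_at, u, accept)}. Before iteration lie_at, z gradecasts
    u consistently (confidence 2 everywhere). In iteration lie_at the nodes in
    `accept` get (u, confidence 1) and the others confidence 0, so every non-faulty
    node adds z to BAD and ignores it from then on.
    Returns (outputs, spread H(V_r) - L(V_r) per iteration, exit iteration per node)."""
    honest = sorted(inputs)
    v = dict(inputs)
    burnt = set()                                  # Byzantine nodes in every BAD set
    left_at = {}
    spreads = [max(v.values()) - min(v.values())]
    r = 0
    while len(left_at) < len(honest):
        r += 1
        new_v = dict(v)
        for p in honest:
            if p in left_at:
                continue                           # left the loop: value stays fixed
            values = [v[q] for q in honest]        # non-faulty gradecasts, confidence 2
            sure = list(values)                    # values': confidence 2 only
            for z, (lie_at, u, accept) in script.items():
                if z in burnt:
                    continue
                if r < lie_at:
                    values.append(u)
                    sure.append(u)
                elif p in accept:
                    values.append(u)               # confidence 1: in values, not values'
            values += [0.0] * (n - len(values))    # Line 5: pad with "0" up to n items
            new_v[p] = avg(values, t)              # Line 7
            if has_cluster(sure, n - t, eps):      # Line 9
                left_at[p] = r
        burnt |= {z for z, (lie_at, _, _) in script.items() if lie_at <= r}
        v = new_v
        spreads.append(max(v[p] for p in honest) - min(v[p] for p in honest))
    return v, spreads, left_at

if __name__ == "__main__":
    # Constructed run: n = 7, t = 2; node 5 lies in iteration 1, node 6 in iteration 2.
    inputs = {0: 0.0, 1: 10.0, 2: 20.0, 3: 30.0, 4: 40.0}
    script = {5: (1, 1000.0, {0, 1}), 6: (2, -1000.0, {4})}
    out, spreads, left_at = approx_agree(inputs, 7, 2, 1.0, script)
    print("outputs:", out)
    print("spread per iteration:", spreads)
    print("left loop in iteration:", left_at)
```

With one newly detected node per iteration ($NEW_1 = NEW_2 = 1$, $n - 2t = 3$) the spread goes 40, 10, 0, inside the Claim 11 bounds of 40/3 and 10/3, and every node outputs 10, which lies in the input range [0, 40].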

5 Sequential Executions of Consensuses 

In [3] the authors investigate the Multi-consensus problem: suppose we want to execute a sequence of Byzantine consensuses, such that each consensus possibly depends on the output of the previous consensus. That is, we must execute the consensuses sequentially and not concurrently. (The concurrent version is termed "interactive consistency", initially stated in [15].)

The first solution that comes to mind is to simply execute $\ell$ instances of Byzantine consensus one after the other. However, due to the $O(f)$ round lower bound on Byzantine consensus [8], a naive sequential execution will lead to a running time of $O(\ell \cdot f)$. In [3] they give a solution that has total running time of $O(f + \ell)$.

However, [3] assumes that at each consensus instance all correct nodes start the consensus at once; that is, they are always synchronized. This implies that for every one of the $\ell$ consensuses, all nodes know exactly when the consensus starts. This assumption is problematic, since due to the early-stopping nature of the algorithm used in [3], the different nodes may terminate each invocation of a consensus at different rounds, leading to a problem with the synchronized starts assumption. Assuming synchronized starts, the algorithm ByzConsensus can easily (almost without any change) produce the same result; i.e., for $\ell$ consecutive consensuses, ByzConsensus's running time will be $O(f + \ell)$.

In this section we consider two results. First, we analyze ByzConsensus assuming synchronized starts of each consensus, and compare it to the results of [3]. Second, we augment ByzConsensus with ideas from [11] such that ByzConsensus can solve $\ell$ consensuses within $O(f + \ell)$ rounds even if the initiations of each consensus are not synchronized among the non-faulty nodes.

5.1 Synchronized Starts 

We start with the assumption that all $\ell$ consensuses have synchronized starts. That is, all non-faulty nodes start the $i$th (out of $\ell$) instance of Byzantine consensus in the same round. With this assumption in place, ByzConsensus can be used almost as-is. The single modification required is to perform the initialization state (Line 1) only once for the entire sequence of $\ell$ consensuses (and not once per consensus).

It is easy to see that the following two statements hold also for the modified algorithm:

1. Each Byzantine node $z$ can cause non-faulty nodes to disagree on $z$'s gradecasted value at most once throughout the sequence of $\ell$ consensuses;

2. The number of iterations of a given consensus instance $i$ is $\min\{f + 2, t + 1\}$, where $f$ is the actual number of Byzantine nodes for which there are non-faulty nodes that do not agree on their gradecasted values during instance $i$.

Using the above statements it is easy to conclude that for a sequence of $\ell$ sequential consensuses, the number of iterations of the modified ByzConsensus is at most $t + 2 \cdot \ell$, since each consensus takes at least 2 iterations to complete, and at most $t$ more iterations are required (depending on the Byzantine nodes' behavior).

Since each iteration is composed of executing gradecast, the total round complexity is $3 \cdot t + 6 \cdot \ell$. Notice that in each iteration there are at most $n$ gradecasts, each requiring $O(n \cdot t)$ messages. Therefore, the total bit complexity of $\ell$ consensuses is $O((t + \ell) \cdot n^2 \cdot t) = O(n^2 \cdot t^2 + \ell \cdot n^2 \cdot t)$. By a simple optimization which defines a subset of $3 \cdot t + 1$ nodes as performing the gradecast (and the rest of the nodes just "listen" to messages), the total bit complexity is reduced to $O(n \cdot t^3 + \ell \cdot n \cdot t^2)$.

Note that ByzConsensus is optimal with respect to its Byzantine resiliency and the total running time ([3] is also optimal with respect to amortized message size and total bits). Lastly, Multi-Consensus is not a complicated algorithm, but ByzConsensus is even simpler.

5.2 Unsynchronized Starts 

In this subsection we remove the assumption of synchronized starts of the different $\ell$ consensuses.
This is done by implementing ideas of [11] in a way that is consistent with sequential executions
of ByzConsensus. In [11] the authors show how to sequentially execute consensuses even if the
consensuses are started at different times and terminate at different times. The reason we cannot
use [11]'s results as-is in our case is that [11] assumes that the running time of the algorithm
does not change over time, which does not hold for our solution. Specifically, the running time of
ByzConsensus's $k$th execution depends on what occurred in the $k - 1$ instances that preceded it.
The required addition to ByzConsensus is as follows:

1. If $p$ wants to terminate according to ByzConsensus, it first sends "done" to everyone, and
waits;

2. In addition, if node $p$ receives $t + 1$ "done" messages, then $p$ sends all nodes a "done" message
as well;

3. Lastly, if node $p$ received $2 \cdot t + 1$ "done" messages, then $p$ completes the current instance of
ByzConsensus.

Notice that if $i$ is the first round in which some non-faulty node $p$ halts, then all other non-faulty
nodes either halt in round $i$, or in round $i + 1$. That is, non-faulty nodes terminate within one
round of each other (no matter what difference there was between their starting times).
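
The three "done" rules above can be exercised in a small lock-step simulation. The following is an added example, not code from the paper: the function names, the `ready` map and the Byzantine strategy callback are hypothetical, and it assumes that messages sent in a round arrive in that round and that a node which has completed still sends its one pending "done" relay.

```python
def run_done_rules(n, t, ready, byz_sends, max_rounds=50):
    """Simulate the three "done" rules in lock-step rounds.

    ready[p]   -- round in which non-faulty p wants to terminate (None = never)
    byz_sends  -- byz_sends(rnd, z, q) -> True if Byzantine z delivers "done" to q
    Returns {non-faulty node: round in which it completes the instance}.
    """
    honest = sorted(ready)
    byz = [z for z in range(n) if z not in ready]
    if n < 3 * t + 1 or len(byz) > t:
        raise ValueError("need n >= 3t+1 and at most t Byzantine nodes")
    heard = {p: set() for p in honest}  # distinct "done" senders seen by p
    sent, halted = set(), {}
    for rnd in range(1, max_rounds + 1):
        # Rules 1 and 2: broadcast "done" once, either because ByzConsensus
        # wants to terminate or because t+1 "done" messages were received.
        # Assumption: a node that completed last round still sends this relay.
        senders = [p for p in honest if p not in sent and
                   ((ready[p] is not None and ready[p] <= rnd)
                    or len(heard[p]) >= t + 1)]
        sent.update(senders)
        for q in honest:
            heard[q].update(senders)  # non-faulty broadcasts reach everyone
            heard[q].update(z for z in byz if byz_sends(rnd, z, q))
        # Rule 3: complete the instance after 2t+1 "done" messages.
        for q in honest:
            if q not in halted and len(heard[q]) >= 2 * t + 1:
                halted[q] = rnd
        if len(halted) == len(honest):
            break
    return halted


def halt_spread(halted):
    """Rounds between the first and the last non-faulty completion."""
    return max(halted.values()) - min(halted.values())


# Constructed scenario: n=7, t=2, nodes 5 and 6 are Byzantine and send "done"
# only to node 0, trying to make it finish far ahead of the others.
READY = {0: 3, 1: 3, 2: 3, 3: 9, 4: 9}
RESULT = run_done_rules(7, 2, READY, lambda rnd, z, q: q == 0)

if __name__ == "__main__":
    print(RESULT, "spread:", halt_spread(RESULT))
```

Nodes 3 and 4 would not have wanted to terminate until round 9, yet the $t + 1$ relay rule pulls them to round 4, one round after node 0; with no non-faulty node ready, the $t$ Byzantine "done" messages alone never reach the $t + 1$ relay threshold.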

Another addition required is to increase the length of each of ByzConsensus's rounds according
to the difference between different non-faulty nodes' starting times. If the starting
times of each consensus instance differ by at most $\Delta$ rounds at different nodes, then each iteration of
ByzConsensus needs to be increased by a factor of $\Delta$ so that messages of the $i$-th round are
received (and considered as messages of the $i$-th round) by all other nodes.

Remark 5.1 The increased length of each iteration is only with respect to the original ByzConsensus.
The additions regarding the "done" messages are left as is. Thus, we ensure that non-faulty
nodes still terminate within one round of each other.

To see that the addition does not harm the correctness of ByzConsensus, consider the following.
Suppose $p$ starts running at some round, and $q$ starts running $\Delta$ rounds afterwards. By
the correctness proof of ByzConsensus, if $p$ terminates, then one iteration afterwards $q$ will also
terminate. But actually, there is an even stronger property: if $p$ terminates then all other non-faulty
nodes already have the same value as $p$ (see Claim 7). I.e., if $q$ terminates when $p$ terminates, then
it will terminate with the same value.

To conclude, notice that the above addition ensures that a non-faulty node halts only if some 
non-faulty node has terminated in the execution of ByzConsensus. Thus, from that round onward, 
the sequence of non-faulty nodes' termination is valid. 

The above discussion leads to the following theorem: 

Theorem 4 The updated ByzConsensus algorithm solves $\ell$ sequential Byzantine consensuses within
$O(\Delta \cdot (\ell + t))$ rounds, while not requiring synchronized starts of the different consensus instances.

6 Conclusion 

We presented a simple algorithm ByzConsensus that uses Gradecast as a building block, and 
solves the Byzantine consensus problem within $3 \cdot \min\{f + 2, t + 1\}$ rounds.

Two variations of ByzConsensus are given. The first one optimally solves the approximate 
agreement problem and reduces the message complexity of the best known optimal algorithm from
$O(n^k)$ to $O(k \cdot n^3)$. The second variant of ByzConsensus optimally solves the multi consensus
problem and efficiently supports unsynchronized starts of the consensus instances. 

All three algorithms have optimal resiliency, optimal running time (up to a constant multiplicative
factor) and have the early stopping property. Aside from their improved simplicity, the two
variants also improve (in different aspects) upon previously best known solutions. 